From f42346ff83d0db315f2fbabbbd07727995b05cf9 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Tue, 13 Jun 2017 00:11:47 +0200 Subject: [PATCH] Updated Man page (markdown) --- Man-page.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Man-page.md b/Man-page.md index 19cd36b..8e836b6 100644 --- a/Man-page.md +++ b/Man-page.md @@ -37,9 +37,10 @@ All options requiring a value can be called with or without '=' e.g. ``testssl.s Alternatively can be in nmap's grep(p)able output format (-oG). Only open ports will be considered. Currently only 1x port per line is allowed. The ports can be different per line, however per mass testing run they can be either STARTTLS enabled ports OR plain TLS/SSL ports, not both. - nmap returns in that putput always IP addresses and -- only if there's a PTR DNS record available -- a hostname. + nmap returns in that output always IP addresses and -- only if there's a PTR DNS record available -- a hostname. Unfortunately this hostname from nmap is not checked whether it matches the IP (A or AAAA record). testssl.sh does this for you: - if the A record of the hostname matches the IP address, the hostname is used and not the IP address. Please be careful: checks for the IP address might not hit the vhost you want. + if the A record of the hostname matches the IP address, the hostname is used and not the IP address. + Please be careful: checks against an IP address might not hit the vhost you aimed at. --mode Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter)